Automating compliance checks
by Sven Vermeulen, post on Sat 03 March 2018
With the configuration baseline for a technical service being described fully (see the first, second and third post in this series), it is time to consider the validation of the settings in an automated manner. The preferred method for this is to use Open Vulnerability and Assessment Language (OVAL), which is nowadays managed by the Center for Internet Security, abbreviated as CISecurity. Previously, OVAL was maintained and managed by Mitre under NIST supervision, and Google searches will often still point to the old sites. However, documentation is now maintained on CISecurity's GitHub repositories.
But I digress...
Doing a content check with OVAL
by Sven Vermeulen, post on Tue 24 December 2013
Let's create an OVAL check to see if /etc/inittab's single user definitions only refer to /sbin/sulogin or /sbin/rc single. First, the skeleton:
(XML content lost during blog conversion)
The first thing we notice is that there are several namespaces defined within OVAL. These namespaces refer to …
What is OVAL?
by Sven Vermeulen, post on Sun 22 December 2013
Time to discuss OVAL (Open Vulnerability and Assessment Language). In all the previous posts I focused the checking of rules (does the system comply with the given rule) on scripts, through the Script Check Engine supported by openscap. The advantage of SCE is that most people can quickly provide automated checks …
Putting OVAL at work
by Sven Vermeulen, post on Thu 01 August 2013
When we look at the SCAP security standards, you might get the feeling of "How does this work?". The underlying interfaces, like OVAL and XCCDF, might seem a bit daunting to implement.
This is correct, but you need to remember that the standards are protocols, agreements that can be made …